diff options
| author | bsiegert <bsiegert> | 2016-12-04 15:28:33 +0000 |
|---|---|---|
| committer | bsiegert <bsiegert> | 2016-12-04 15:28:33 +0000 |
| commit | 2d92361724c85eca9e018789e63bf771b961a13e (patch) | |
| tree | 83af7e6f197e198e01c8140bebab0e5fae6162d1 | |
| parent | 706610fa4dafb82848076b7ace2d7bd2eab6cfac (diff) | |
| download | pkgsrc-2d92361724c85eca9e018789e63bf771b961a13e.tar.gz | |
Pullup ticket #5167 - requested by sevan
archivers/p7zip: security fix
Revisions pulled up:
- archivers/p7zip/Makefile 1.64
- archivers/p7zip/distinfo 1.51
- archivers/p7zip/patches/patch-CPP_7zip_Archive_7z_7zIn.cpp 1.1
---
Module Name: pkgsrc
Committed By: sevan
Date: Wed Nov 30 14:29:09 UTC 2016
Modified Files:
pkgsrc/archivers/p7zip: Makefile distinfo
Added Files:
pkgsrc/archivers/p7zip/patches: patch-CPP_7zip_Archive_7z_7zIn.cpp
Log Message:
Add patch for CVE-2016-9296 https://sourceforge.net/p/p7zip/bugs/185/
Bump rev
| -rw-r--r-- | archivers/p7zip/Makefile | 3 | ||||
| -rw-r--r-- | archivers/p7zip/distinfo | 3 | ||||
| -rw-r--r-- | archivers/p7zip/patches/patch-CPP_7zip_Archive_7z_7zIn.cpp | 14 |
3 files changed, 18 insertions, 2 deletions
diff --git a/archivers/p7zip/Makefile b/archivers/p7zip/Makefile index 5225c9558e3..f343097d60c 100644 --- a/archivers/p7zip/Makefile +++ b/archivers/p7zip/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.63 2016/07/19 08:26:10 mef Exp $ +# $NetBSD: Makefile,v 1.63.2.1 2016/12/04 15:28:33 bsiegert Exp $ DISTNAME= p7zip_16.02_src_all PKGNAME= ${DISTNAME:S/_src_all//S/_/-/} +PKGREVISION= 1 CATEGORIES= archivers MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=p7zip/} EXTRACT_SUFX= .tar.bz2 diff --git a/archivers/p7zip/distinfo b/archivers/p7zip/distinfo index 6edea56a6f9..097eccbf518 100644 --- a/archivers/p7zip/distinfo +++ b/archivers/p7zip/distinfo @@ -1,9 +1,10 @@ -$NetBSD: distinfo,v 1.50 2016/07/19 08:26:10 mef Exp $ +$NetBSD: distinfo,v 1.50.2.1 2016/12/04 15:28:33 bsiegert Exp $ SHA1 (p7zip_16.02_src_all.tar.bz2) = e8819907132811aa1afe5ef296181d3a15cc8f22 RMD160 (p7zip_16.02_src_all.tar.bz2) = 03550898e45b3eabe4ea0df5ee3787bd8f179fd0 SHA512 (p7zip_16.02_src_all.tar.bz2) = d2c4d53817f96bb4c7683f42045198d4cd509cfc9c3e2cb85c8d9dc4ab6dfa7496449edeac4e300ecf986a9cbbc90bd8f8feef8156895d94617c04e507add55f Size (p7zip_16.02_src_all.tar.bz2) = 4239909 bytes +SHA1 (patch-CPP_7zip_Archive_7z_7zIn.cpp) = cce409d45be6ae8e96314dad1c51d9feb09bc817 SHA1 (patch-CPP_Windows_DLL.cpp) = 12fb3f3cf4d32b8848f741dde6bcb0e56a9c6745 SHA1 (patch-aa) = 9c103fa831cc6ff099e3a604c763ff416f1b48ec SHA1 (patch-ab) = c680fb037b9ef5e19e4c8dc71dd710598277a61b diff --git a/archivers/p7zip/patches/patch-CPP_7zip_Archive_7z_7zIn.cpp b/archivers/p7zip/patches/patch-CPP_7zip_Archive_7z_7zIn.cpp new file mode 100644 index 00000000000..2008c48fd34 --- /dev/null +++ b/archivers/p7zip/patches/patch-CPP_7zip_Archive_7z_7zIn.cpp @@ -0,0 +1,14 @@ +$NetBSD: patch-CPP_7zip_Archive_7z_7zIn.cpp,v 1.1.2.2 2016/12/04 15:28:33 bsiegert Exp $ + +CVE-2016-9296 https://sourceforge.net/p/p7zip/bugs/185/ + +--- CPP/7zip/Archive/7z/7zIn.cpp.orig 2016-11-30 14:19:04.000000000 +0000 ++++ CPP/7zip/Archive/7z/7zIn.cpp +@@ -1097,6 +1097,7 @@ HRESULT CInArchive::ReadAndDecodePackedS + if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i]) + ThrowIncorrect(); + } ++if (folders.PackPositions) + HeadersSize += folders.PackPositions[folders.NumPackStreams]; + return S_OK; + } |